Cybercriminals can easily attempt to break into shared hosting environments to use their resources for different types of attacks. Phishing is one of the most irritating forms, where the provider, the website owner and all of their visitors are affected.
These attacks also highlight the responsibility of hosting providers, and that’s why we have just launched BitNinja’s new anti-phishing feature, to give a new weapon in your hands for fighting the hackers.
Phishing is quite an old-school hacker technique, which seems to never go out of fashion. Since the technique simply aims to trick someone into clicking a malicious link is the easiest way to fetch sensitive information and steal payment credentials. All it takes is putting some effort into the design – by using a legitimate organization’s logos and contents into an email or on a website.
Thousands of websites visitors click on phishing domains every day, but not only users are targeted – the first step is getting into the web hosting companies’ server.
Despite the careful actions, educational contents and defensive lines in place, we’ve started to get more and more e-mail from our customers, asking for help in finding phishing contents more effectively.
So, how can infections get through?
There are two ways which seem to be the problem in every case: they get in due to a lack of proper configuration, or they might have been hiding on your server for a really long time, which BitNinja couldn’t spot without you running a manual malware scan.
We know exactly that users complaining about Google flagging their websites are a huge pain point. That’s why we have introduced this new feature on the Dashboard, so you’ll get feedback about any hiding infection and extra guidance for the proper configuration.
Of course, security awareness training and educational contents might also have an impact on preventing these attacks, but let’s face it: we cannot expect every user to update their CMS, keep rotating passwords and upgrade their plugins. That’s why we are here to help through BitNinja.
Anti-phishing from BitNinja
From now on, you’ll be able to recognize and clean your server from any phishing content before your customers would even notice that something is wrong. So your reputation won’t get hurt because of phishing anymore.
How do we do it?
BitNinja checks twice a day if there's any flagged website on your servers based on the information on Phishtank's trusted database. This information will help you to keep your servers clean and optimize your BitNinja configurations.
Moreover, you’ll not only see active phishing content listed here, but you’ll also receive feedback if clean up succeeded and the URL was delisted from Phishtank’s database.
What to do with this info?
It is always an option to check the flagged locations and cleaning up the infected files manually. However, as infections can still get through your shield due to the lack of proper configuration, we suggest these steps to automate protection if you see any website here:
1) Create a custom WAF pattern for the location with Safe Minimum Ruleset, and activate the Lock down feature if needed
2) Activate the Malware Detection module for real-time malware protection, if it's not active yet
3) Run a full Malware Scan to find any legacy infection on your servers
4) Check the malware correlation info at the folder /var/log/bitninja/correlations/YYYY/MM/DD/hh_mm_uniqid. Soon, this piece of information will be available in the Infected Files menu to see if the Defense Robot found any backdoors that need patching
Thanks for your feedback!
We hope this useful feature will help you to detect malicious content easily and keep your servers cleaner than ever.
As always, every feedback is much appreciated and please ping us a message for further feature requests.